CS3280: Assembly Language Programming


COS2014: Assembly Language Programming
Conditional Processing
Chapter Overview
• Boolean and Comparison Instructions
• Conditional Jumps
• Conditional Loop Instructions
• Conditional Structures
• Application: Finite-State Machines
• Using the .IF Directive
Boolean and Comparison Instructions
• CPU Status Flags
• AND Instruction
• OR Instruction
• XOR Instruction
• NOT Instruction
• Applications
• TEST Instruction
• CMP Instruction
Status Flags
• The Zero flag is set to 1 when the result of an operation on the operands is 0.
• The Carry flag is set to 1 when the result is larger than the destination can hold, or there is a carry into bit 9.
• The Sign flag is set to 1 when the result of an operation is negative; when it is 0, the result is positive.
• The Overflow flag is set to 1 when the result of an operation exceeds the range of the destination (bit 7 carry is XORed with bit 6 carry).
• The Parity flag is set to 1 when the result of an operation has an even number of 1 bits in the low byte of the destination.
• The Auxiliary Carry flag is set to 1 when an operation produces a carry from bit 3 to bit 4.
AND Instruction
• The AND instruction performs a Boolean AND operation between two operands
• Syntax:
AND destination, source
(same operand types as MOV)
Example:
    00111011
AND 00001111
    --------
    00001011   (upper four bits cleared, lower four unchanged)
OR Instruction
• The OR instruction performs a Boolean OR operation between two operands
• Syntax:
OR destination, source
Example:
    00111011
OR  00001111
    --------
    00111111   (upper four bits unchanged, lower four set)
XOR Instruction
• Performs a Boolean exclusive-OR operation
between each pair of matching bits in two
operands
• Syntax:
XOR destination, source
Example:
    00111011
XOR 00001111
    --------
    00110100   (upper four bits unchanged, lower four inverted)
XOR is a useful way to toggle (invert) the bits in an operand.
NOT Instruction
• Performs a Boolean NOT operation on a
single destination operand
• Syntax:
NOT destination
Example:
NOT 00111011
    --------
    11000100   (all bits inverted)
Applications (1 of 5)
• Task: Convert the character in AL to upper case.
• Solution: Use the AND instruction to clear bit 5 of AL.
mov al,'a'            ; AL = 01100001b
and al,11011111b      ; AL = 01000001b
Applications
(2 of 5)
• Task: Convert a binary value to its equivalent ASCII decimal digit.
• Solution: Use the OR instruction to set bits 4 and 5.
mov al,6              ; AL = 00000110b
or al,00110000b       ; AL = 00110110b
The ASCII digit '6' = 00110110b
Applications
(3 of 5)
• Task: Turn on the keyboard CapsLock key
• Solution: Use the OR instruction to set bit 6 in the keyboard flag byte at 0040:0017h in the BIOS data area.
mov ax,40h                   ; BIOS segment
mov ds,ax
mov bx,17h                   ; keyboard flag byte
or BYTE PTR [bx],01000000b   ; CapsLock on
Q: Which mode(s) does this code work in?
Applications
(4 of 5)
• Task: Jump to a label if an integer is even.
• Solution: AND the lowest bit with a 1. If the result is Zero, the number was even.
mov ax,wordVal
and ax,1              ; low bit set?
jz EvenValue          ; jump if Zero flag set
JZ (jump if Zero) is covered in Section 6.3.
Your turn: Write code that jumps to a label if an integer is negative.
Applications
(5 of 5)
• Task: Jump to a label if the value in AL is not zero.
• Solution: OR the byte with itself, then use the JNZ (jump
if not zero) instruction.
or al,al
jnz IsNotZero ; jump if not zero
ORing any number with itself does not change its value.
TEST Instruction
• Performs a nondestructive AND operation between each pair of
matching bits in two operands
• No operands are modified, but the Zero flag is affected.
• Example: jump to a label if either bit 0 or bit 1 in AL is set.
test al,00000011b
jnz ValueFound
• Example: jump to a label if neither bit 0 nor bit 1 in AL is set.
test al,00000011b
jz ValueNotFound
CMP Instruction
(1 of 3)
• Compares the destination operand to the source operand
• Nondestructive subtraction of source from destination (destination
operand is not changed)
• Syntax: CMP destination, source
• Example: destination == source
mov al,5
cmp al,5              ; Zero flag set
• Example: destination < source
mov al,4
cmp al,5              ; Carry flag set
CMP Instruction
(2 of 3)
• Example: destination > source
mov al,6
cmp al,5              ; ZF = 0, CF = 0
(both the Zero and Carry flags are clear)
CMP Instruction
(3 of 3)
The comparisons shown here are performed with signed
integers.
• Example: destination > source
mov al,5
cmp al,-2             ; Sign flag == Overflow flag
• Example: destination < source
mov al,-1
cmp al,5              ; Sign flag != Overflow flag
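The flag settings from the Status Flags slide and the signed versus unsigned CMP cases above, worked in C. This is an added example, not code from the slides: cmp8 computes ZF, CF, SF, OF, PF and AF for an 8-bit CMP from the page's own definitions, and the je/jb/ja/jl/jg predicates apply the jump conditions, so one comparison (for instance AL = -1 against 5) can be seen taking JA but not JG.

```c
#include <stdbool.h>
#include <stdint.h>

/* Flags produced by an 8-bit CMP (dest - src), computed from the page's
 * definitions: ZF (result 0), CF (unsigned borrow), SF (bit 7 of result),
 * OF (bit-7 carry XOR bit-6 carry), PF (even 1-bits in the low byte),
 * AF (carry/borrow between bits 3 and 4). */
typedef struct { bool zf, cf, sf, of, pf, af; } flags8_t;

static bool even_one_bits(uint8_t v)
{
    unsigned ones = 0;
    for (; v != 0; v >>= 1)
        ones += v & 1;
    return ones % 2 == 0;
}

static flags8_t cmp8(uint8_t dest, uint8_t src)
{
    flags8_t f;
    uint8_t r = (uint8_t)(dest - src);
    /* Model dest - src as dest + (~src) + 1 so the two carry definitions
     * from the Status Flags slide apply directly. */
    unsigned nsrc = (uint8_t)~src;
    unsigned carry6 = ((dest & 0x7Fu) + (nsrc & 0x7Fu) + 1u) >> 7; /* out of bit 6 */
    unsigned carry7 = ((unsigned)dest + nsrc + 1u) >> 8;          /* out of bit 7 */
    f.zf = (r == 0);
    f.cf = dest < src;                     /* for CMP, CF is the unsigned borrow */
    f.sf = (r & 0x80u) != 0;
    f.of = (carry7 ^ carry6) != 0;
    f.pf = even_one_bits(r);
    f.af = (dest & 0x0Fu) < (src & 0x0Fu); /* borrow out of the low nibble */
    return f;
}

/* Jump conditions exactly as the conditional-jump tables define them. */
static bool je(flags8_t f) { return f.zf; }
static bool jb(flags8_t f) { return f.cf; }                  /* unsigned < */
static bool ja(flags8_t f) { return !f.cf && !f.zf; }        /* unsigned > */
static bool jl(flags8_t f) { return f.sf != f.of; }          /* signed < */
static bool jg(flags8_t f) { return !f.zf && f.sf == f.of; } /* signed > */
```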
Conditional Jumps
• Jumps Based On . . .
  • Specific flags
  • Equality
  • Unsigned comparisons
  • Signed Comparisons
• Applications
• Encrypting a String
• Bit Test (BT) Instruction
Jcond Instruction
• A conditional jump instruction branches to a label
when specific register or flag conditions are met
• Examples:
• JB, JC jump to a label if the Carry flag is set
• JE, JZ jump to a label if the Zero flag is set
• JS jumps to a label if the Sign flag is set
• JNE, JNZ jump to a label if the Zero flag is clear
• JECXZ jumps to a label if ECX equals 0
Jcond Ranges
• Prior to the 386:
• jump must be within –128 to +127
bytes from current location counter
• IA-32 processors:
• 32-bit offset permits jump anywhere
in memory
Jumps Based on Specific Flags
Jumps Based on Equality
Jumps Based on Unsigned Comparisons
Jumps Based on Signed Comparisons
Example
The CMP instruction compares AL with 0, affecting the Zero flag; the JZ instruction jumps if the Zero flag is set. The AND instruction performs a bitwise AND on the DL register, affecting the Zero flag; the JNZ instruction jumps if the Zero flag is clear.
cmp al,0
jz L1                 ; jump if ZF = 1
.
L1:

and dl,10110000b
jnz L1                ; jump if ZF = 0
.
L1:
Applications
(1 of 5)
• Task: Jump to a label if unsigned EAX is greater than EBX
• Solution: Use CMP, followed by JA
cmp eax,ebx
ja Larger
• Task: Jump to a label if signed EAX is greater than EBX
• Solution: Use CMP, followed by JG
cmp eax,ebx
jg Greater
Applications
(2 of 5)
• Jump to label L1 if unsigned EAX is less than or equal to Val1
cmp eax,Val1
jbe L1                ; below or equal
• Jump to label L1 if signed EAX is less than or equal to Val1
cmp eax,Val1
jle L1
Applications
(3 of 5)
• Compare unsigned AX to BX, and copy the larger of the two into a variable named Large
    mov Large,bx
    cmp ax,bx
    jna Next
    mov Large,ax
Next:
• Compare signed AX to BX, and copy the smaller of the two into a variable named Small
    mov Small,ax
    cmp bx,ax
    jnl Next
    mov Small,bx
Next:
Applications
(4 of 5)
• Jump to label L1 if the memory word pointed to by ESI equals
Zero
cmp WORD PTR [esi],0
je L1
• Jump to label L2 if the doubleword in memory pointed to by
EDI is even
test DWORD PTR [edi],1
jz L2
Applications
(5 of 5)
• Task: Jump to label L1 if bits 0, 1, and 3 in AL are all set.
• Solution: Clear all bits except bits 0, 1,and 3. Then
compare the result with 00001011 binary.
and al,00001011b      ; clear unwanted bits
cmp al,00001011b      ; check remaining bits
je L1                 ; all set? jump to L1
Q: Why do we need the cmp instruction?
Encrypting a String
The following loop uses the XOR instruction to transform every character in a string into a new value.
KEY = 239                       ; can be any byte value
BUFMAX = 128
.data
buffer BYTE BUFMAX+1 DUP(0)
bufSize DWORD BUFMAX
.code
    mov ecx,bufSize             ; loop counter
    mov esi,0                   ; index 0 in buffer
L1:
    xor buffer[esi],KEY         ; translate a byte
    inc esi                     ; point to next byte
    loop L1
String Encryption Program
• Tasks:
  • Input a message (string) from the user
  • Encrypt the message
  • Display the encrypted message
  • Decrypt the message
  • Display the decrypted message
View the Encrypt.asm program's source code. Sample output:
Enter the plain text: Attack at dawn.
Cipher text: «¢¢Äîä-Ä¢-ïÄÿü-Gs
Decrypted: Attack at dawn.
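The XOR loop and the Encrypt.asm round trip in C, as an added example (not the Encrypt.asm source): a second pass recovers every byte, and key_from_pair shows why a single repeated key byte is obfuscation rather than encryption, since plaintext XOR ciphertext at any index yields the key. KEY and the sample message come from the slides; the function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY 239       /* the slide's key; any byte value works */

/* The slide's loop: XOR every byte of buf with KEY. Running it a second
 * time restores the original, because (x ^ KEY) ^ KEY == x. */
static void xor_translate(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= KEY;
}

/* Why the scheme is obfuscation, not encryption: the key is the XOR of any
 * plaintext byte with the ciphertext byte at the same index. */
static uint8_t key_from_pair(uint8_t plain, uint8_t cipher)
{
    return plain ^ cipher;
}

/* Round-trip the slide's sample message. Returns true when the cipher text
 * differs from the message, the key is recoverable from the first byte pair,
 * and the second XOR pass restores the message exactly. */
static bool roundtrip_ok(void)
{
    const char *msg = "Attack at dawn.";      /* sample input from the slide */
    uint8_t buf[128];
    size_t len = strlen(msg);
    memcpy(buf, msg, len);
    xor_translate(buf, len);                  /* encrypt */
    bool changed = memcmp(buf, msg, len) != 0;
    bool key_leaks = key_from_pair((uint8_t)msg[0], buf[0]) == KEY;
    xor_translate(buf, len);                  /* decrypt */
    return changed && key_leaks && memcmp(buf, msg, len) == 0;
}
```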
BT (Bit Test) Instruction
• Copies bit n from an operand into the Carry flag
• Syntax: BT bitBase, n
• bitBase may be r/m16 or r/m32
• n may be r16, r32, or imm8
• Example: jump to label L1 if bit 9 is set in the AX register:
bt AX,9               ; CF = bit 9
jc L1                 ; jump if Carry
If bit 5 is 1, it indicates that the machine is off:
MOV AL,STATUS
TEST AL,00100000B     ; TEST BIT 5
JNZ EQUIOFFLINE
Or jump if bits 0, 1 and 4 are 1:
MOV AL,STATUS
TEST AL,00010011B     ; TEST BIT 0,1,4
JNZ inputdatebyte
If bits 2, 3 and 7 are 1, jump using both AND and CMP:
MOV AL,STATUS
AND AL,10001100B      ; TEST BIT 2 3 7
CMP AL,10001100B      ; ALL BIT SET
JE RESETMACHINE       ; YES JUMP LABEL
Larger of two integers: compare the unsigned integers in AX and BX and move the larger of the two to DX
    mov dx,ax         ; assume AX is larger
    cmp ax,bx         ; if AX >= BX then
    jae L1            ; jump to L1
    mov dx,bx         ; else move BX to DX
L1:                   ; DX contains larger integer
Smallest of three integers: compare the unsigned values in three variables V1, V2, V3 and move the smallest into AX
.data
V1 WORD ?
V2 WORD ?
V3 WORD ?
.code
    mov ax,V1         ; assume V1 smallest
    cmp ax,V2         ; if AX <= V2 then
    jbe L1            ; jump to L1
    mov ax,V2         ; else move V2 to AX
L1:
    cmp ax,V3         ; if AX <= V3 then
    jbe L2            ; jump to L2
    mov ax,V3         ; else move V3 to AX
L2:
Conditional Loop Instructions
• LOOPZ and LOOPE
• LOOPNZ and LOOPNE
Syntax is:
LOOPZ DESTINATION
LOOPZ and LOOPE
• Syntax:
LOOPE destination
LOOPZ destination
• Logic:
  • ECX ← ECX – 1
  • if ECX > 0 and ZF=1, jump to destination
• Useful when scanning an array for the first
element that does not match a given value.
LOOPNZ and LOOPNE
• LOOPNZ (LOOPNE) is a conditional loop
instruction
• Syntax:
LOOPNZ destination
LOOPNE destination
• Logic:
  • ECX ← ECX – 1
  • if ECX > 0 and ZF=0, jump to destination
• Useful when scanning an array for the first
element that matches a given value.
LOOPNZ Example
The following code finds the first positive value in an array:
.data
array SWORD -3,-6,-1,-10,10,30,40,4
sentinel SWORD 0
.code
    mov esi,OFFSET array
    mov ecx,LENGTHOF array
next:
    test WORD PTR [esi],8000h   ; test sign bit
    pushfd                      ; push flags on stack
    add esi,TYPE array
    popfd                       ; pop flags from stack
    loopnz next                 ; continue loop
    jnz quit                    ; none found
    sub esi,TYPE array          ; ESI points to value
quit:
Recall: TYPE returns size in bytes of single element
Your turn . . .
Locate the first nonzero value in the array. If none is found, let ESI point to the sentinel value:
.data
array SWORD 50 DUP(?)
sentinel SWORD 0FFFFh
.code
    mov esi,OFFSET array
    mov ecx,LENGTHOF array
L1: cmp WORD PTR [esi],0        ; check for zero
(fill in your code here)
quit:
. . . (solution)
.data
array SWORD 50 DUP(?)
sentinel SWORD 0FFFFh
.code
    mov esi,OFFSET array
    mov ecx,LENGTHOF array
L1: cmp WORD PTR [esi],0        ; check for zero
    pushfd                      ; push flags on stack
    add esi,TYPE array
    popfd                       ; pop flags from stack
    loope L1                    ; continue loop
    jz quit                     ; none found
    sub esi,TYPE array          ; ESI points to value
quit:
Conditional Structures
• Block-Structured IF Statements
• Compound Expressions with AND
• Compound Expressions with OR
• WHILE Loops
• Table-Driven Selection
Block-Structured IF Statements
Assembly language programmers can easily translate logical
statements written in C++/Java into assembly language. For
example:
if( op1 == op2 )
    X = 1;
else
    X = 2;
    mov eax,op1
    cmp eax,op2
    jne L1
    mov X,1
    jmp L2
L1: mov X,2
L2:
Your turn . . .
Implement the following pseudocode in assembly
language. All values are unsigned:
if( ebx <= ecx )
{
    eax = 5;
    edx = 6;
}
    cmp ebx,ecx
    ja next
    mov eax,5
    mov edx,6
next:
(There are multiple correct solutions to this problem.)
Your turn . . .
Implement the following pseudocode in assembly
language. All values are 32-bit signed integers:
if( var1 <= var2 )
    var3 = 10;
else
{
    var3 = 6;
    var4 = 7;
}
    mov eax,var1
    cmp eax,var2
    jle L1
    mov var3,6
    mov var4,7
    jmp L2
L1: mov var3,10
L2:
(There are multiple correct solutions to this problem.)
Compound Expression with AND
(1 of 3)
• When implementing the logical AND operator, let’s assume the use
of short-circuit evaluation
• In the following example, if the first expression is false, the second
expression is skipped:
if (al > bl) AND (bl > cl)
X = 1;
Compound Expression with AND
(2 of 3)
if (al > bl) AND (bl > cl)
    X = 1;
This is one possible implementation . . .
    cmp al,bl         ; first expression...
    ja L1
    jmp next
L1: cmp bl,cl         ; second expression...
    ja L2
    jmp next
L2:                   ; both are true
    mov X,1           ; set X to 1
next:
Compound Expression with AND
(3 of 3)
if (al > bl) AND (bl > cl)
    X = 1;
But the following implementation uses 29% less code by reversing the first relational operator. We allow the program to "fall through" to the second expression:
    cmp al,bl         ; first expression...
    jbe next          ; quit if false
    cmp bl,cl         ; second expression...
    jbe next          ; quit if false
    mov X,1           ; both are true
next:
jbe = "jump if below or equal" (unsigned)
Your turn . . .
Implement the following pseudocode in assembly
language. All values are unsigned:
if( ebx <= ecx && ecx > edx )
{
    eax = 5;
    edx = 6;
}
    cmp ebx,ecx
    ja next
    cmp ecx,edx
    jbe next
    mov eax,5
    mov edx,6
next:
(There are multiple correct solutions to this problem.)
Compound Expression with OR
(1 of 2)
• When implementing the logical OR operator, we'll use short-circuit evaluation
• In the following example, if the first expression is true, the second
expression is skipped:
if (al > bl) OR (bl > cl)
X = 1;
Compound Expression with OR
(2 of 2)
if (al > bl) OR (bl > cl)
    X = 1;
We can use "fall-through" logic to keep the code as short as possible:
    cmp al,bl         ; is AL > BL?
    ja L1             ; yes
    cmp bl,cl         ; no: is BL > CL?
    jbe next          ; no: skip next statement
L1: mov X,1           ; set X to 1
next:
WHILE Loops
A WHILE loop is really an IF statement followed by the body
of the loop, followed by an unconditional jump to the top of
the loop. Consider the following example:
while( eax < ebx)
    eax = eax + 1;
This is a possible implementation:
top: cmp eax,ebx      ; check loop condition
     jae next         ; false? exit loop
     inc eax          ; body of loop
     jmp top          ; repeat the loop
next:
Your turn . . .
Implement the following loop, using unsigned 32-bit integers:
while( ebx <= val1)
{
    ebx = ebx + 5;
    val1 = val1 - 1
}
top: cmp ebx,val1     ; check loop condition
     ja next          ; false? exit loop
     add ebx,5        ; body of loop
     dec val1
     jmp top          ; repeat the loop
next:
Table-Driven Selection
(1 of 3)
• Table-driven selection uses a table lookup to
replace a multiway selection structure
• Create a table containing lookup values and the
offsets of labels or procedures
• Use a loop to search the table
• Suited to a large number of comparisons
Case/switch statement pseudo code
case x of
    'A' → action for 'A'
    'B' → action for 'B'
    'C' → action for 'C'
    'D' → action for 'D'
Case/switch statement pseudo code; strategy in assembly language
case x of
    'A' → action for 'A'
    'B' → action for 'B'
    'C' → action for 'C'
    'D' → action for 'D'
In the .data segment:
table BYTE 'A'
      DWORD address of proc action for 'A'
      BYTE 'B'
      DWORD address of proc action for 'B'
      BYTE 'C'
      DWORD address of proc action for 'C'
      BYTE 'D'
      DWORD address of proc action for 'D'
Table-Driven Selection
(2 of 3)
Step 1: create a table containing lookup values and procedure
offsets:
.data
CaseTable BYTE 'A'              ; lookup value
          DWORD Process_A       ; address of procedure
EntrySize = ($ - CaseTable)
          BYTE 'B'
          DWORD Process_B
          BYTE 'C'
          DWORD Process_C
          BYTE 'D'
          DWORD Process_D
NumberOfEntries = ($ - CaseTable) / EntrySize
Table-Driven Selection
(3 of 3)
Step 2: Use a loop to search the table. When a match is found,
we call the procedure offset stored in the current table entry:
    mov ebx,OFFSET CaseTable    ; point EBX to the table
    mov ecx,NumberOfEntries     ; loop counter
L1: cmp al,[ebx]                ; match found?
    jne L2                      ; no: continue
    call NEAR PTR [ebx + 1]     ; yes: call the procedure
    jmp L3                      ; and exit the loop
L2: add ebx,EntrySize           ; point to next entry
    loop L1                     ; repeat until ECX = 0
L3:
The NEAR PTR operator is required for procedure pointers.
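The same lookup table and search loop in C, as an added example rather than the slide's code. process_a..process_d stand in for Process_A..Process_D and are assumptions of this example; the C version also reports an unmatched value instead of falling through silently to L3.

```c
#include <stddef.h>

/* Stand-ins for Process_A..Process_D (constructed for this example); each
 * returns its own letter so the dispatch result can be checked. */
static int process_a(void) { return 'A'; }
static int process_b(void) { return 'B'; }
static int process_c(void) { return 'C'; }
static int process_d(void) { return 'D'; }

/* One table entry: the lookup value plus the procedure address, the same
 * BYTE/DWORD pair each CaseTable entry holds. */
typedef struct {
    char key;
    int (*proc)(void);
} case_entry_t;

/* static const keeps the function-pointer table in read-only memory; the
 * slide's CaseTable lives in the writable .data segment. */
static const case_entry_t case_table[] = {
    { 'A', process_a },
    { 'B', process_b },
    { 'C', process_c },
    { 'D', process_d },
};

/* NumberOfEntries = ($ - CaseTable) / EntrySize */
#define NUMBER_OF_ENTRIES (sizeof case_table / sizeof case_table[0])

/* The Step 2 loop: compare, call on a match, otherwise advance to the next
 * entry. Unlike the slide's loop, which falls through to L3 silently, an
 * unmatched value is reported with -1 so the caller can reject bad input. */
static int dispatch(char al)
{
    for (size_t i = 0; i < NUMBER_OF_ENTRIES; i++)
        if (case_table[i].key == al)
            return case_table[i].proc();
    return -1;
}
```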
Application: Finite-State Machines
• A finite-state machine (FSM) is a graph structure that changes state
based on some input. Also called a state-transition diagram.
• We use a graph to represent an FSM, with squares or circles called
nodes, and lines with arrows between the circles called edges (or
arcs).
• An FSM is a specific instance of a more general structure called a directed graph (or digraph).
• Three basic states, represented by nodes:
• Start state
• Terminal state(s)
• Nonterminal state(s)
Finite-State Machine
• Accepts any sequence of symbols that puts it into an
accepting (final) state
• Can be used to recognize, or validate a sequence of
characters that is governed by language rules (called a regular
expression)
• Advantages:
• Provides visual tracking of program's flow of
control
• Easy to modify
• Easily implemented in assembly language
FSM Examples
• FSM that recognizes strings beginning with 'x', followed by letters 'a'..'y', ending with 'z':
[State diagram: start → A; A → B on 'x'; B → B on 'a'..'y'; B → C on 'z'; C is the accepting state]
• FSM that recognizes signed integers:
[State diagram: start → A; A → B on '+' or '-'; A → C on digit; B → C on digit; C → C on digit; C is the accepting state]
Your turn . . .
• Explain why the following FSM is not correct for signed integers:
[State diagram: start → A; A → B on '+' or '-'; A → B on digit; B → B on digit; B is the accepting state]
Implementing an FSM
The following is code from State A in the Integer FSM:
StateA:
    call Getnext              ; read next char into AL
    cmp al,'+'                ; leading + sign?
    je StateB                 ; go to State B
    cmp al,'-'                ; leading - sign?
    je StateB                 ; go to State B
    call IsDigit              ; ZF = 1 if AL = digit
    jz StateC                 ; go to State C
    call DisplayErrorMsg      ; invalid input found
    jmp Quit
IsDigit Procedure
Receives a character in AL. Sets the Zero flag if the character
is a decimal digit.
IsDigit PROC
    cmp al,'0'                ; ZF = 0
    jb ID1
    cmp al,'9'                ; ZF = 0
    ja ID1
    test ax,0                 ; ZF = 1
ID1: ret
IsDigit ENDP
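The signed-integer FSM (States A, B and C, with IsDigit) in C, as an added example rather than the slides' code; it also encodes the two-state machine from the "Your turn" slide, as I read its diagram, to show the input that machine wrongly accepts. Function and state names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>

/* Same test as the slide's IsDigit: "ZF = 1" becomes a true return. */
static bool is_digit(char c) { return c >= '0' && c <= '9'; }

typedef enum { STATE_A, STATE_B, STATE_C, STATE_ERROR } state_t;

/* One transition of the signed-integer FSM: A takes an optional sign or a
 * digit, B needs a digit, C (the only accepting state) loops on digits.
 * Anything else is the DisplayErrorMsg path. */
static state_t step(state_t s, char c)
{
    switch (s) {
    case STATE_A:
        if (c == '+' || c == '-') return STATE_B;
        return is_digit(c) ? STATE_C : STATE_ERROR;
    case STATE_B:
    case STATE_C:
        return is_digit(c) ? STATE_C : STATE_ERROR;
    default:
        return STATE_ERROR;
    }
}

/* Run the machine over a NUL-terminated string. Only a final state of C
 * accepts, so "", "+", "-" and "12a" are all rejected. */
static bool accepts_signed_integer(const char *text)
{
    state_t s = STATE_A;
    for (size_t i = 0; text[i] != '\0'; i++) {
        s = step(s, text[i]);
        if (s == STATE_ERROR)
            return false;
    }
    return s == STATE_C;
}

/* The two-state machine from "Your turn" (B accepting; both a sign and a
 * digit lead A to B): a lone sign already reaches the accepting state, so
 * "+" on its own is wrongly accepted as a signed integer. */
static bool accepts_two_state_fsm(const char *text)
{
    bool in_b = false;                  /* false: state A, true: state B */
    for (size_t i = 0; text[i] != '\0'; i++) {
        char c = text[i];
        if (!in_b && (c == '+' || c == '-'))
            in_b = true;
        else if (is_digit(c))
            in_b = true;
        else
            return false;
    }
    return in_b;
}
```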
Flowchart of State A
[Flowchart: StateA → GetNext → "AL = '+'?" (true → StateB; false ↓) → "AL = '-'?" (true → StateB; false ↓) → IsDigit → "ZF = 1?" (true → StateC; false → DisplayErrorMsg → quit)]
State A accepts a plus or minus sign, or a decimal digit.
Using the .IF Directive
• Runtime Expressions
• Relational and Logical Operators
• MASM-Generated Code
• .REPEAT Directive
• .WHILE Directive
Runtime Expressions
• .IF, .ELSE, .ELSEIF, and .ENDIF can be used to evaluate
runtime expressions and create block-structured IF
statements.
• Examples:
.IF eax > ebx
mov edx,1
.ELSE
mov edx,2
.ENDIF
.IF eax > ebx && eax > ecx
mov edx,1
.ELSE
mov edx,2
.ENDIF
• MASM generates "hidden" code for you, consisting of
code labels, CMP and conditional jump instructions.
Relational and Logical Operators
MASM-Generated Code
.data
val1 DWORD 5
result DWORD ?
.code
mov eax,6
.IF eax > val1
mov result,1
.ENDIF
Generated code:
mov eax,6
cmp eax,val1
jbe @C0001
mov result,1
@C0001:
MASM automatically generates an unsigned jump (JBE)
because val1 is unsigned.
MASM-Generated Code
.data
val1 SDWORD 5
result SDWORD ?
.code
mov eax,6
.IF eax > val1
mov result,1
.ENDIF
Generated code:
mov eax,6
cmp eax,val1
jle @C0001
mov result,1
@C0001:
MASM automatically generates a signed jump (JLE) because
val1 is signed.
MASM-Generated Code
.data
result DWORD ?
.code
mov ebx,5
mov eax,6
.IF eax > ebx
mov result,1
.ENDIF
Generated code:
mov ebx,5
mov eax,6
cmp eax,ebx
jbe @C0001
mov result,1
@C0001:
MASM automatically generates an unsigned jump (JBE) when
both operands are registers . . .
MASM-Generated Code
.data
result SDWORD ?
.code
mov ebx,5
mov eax,6
.IF SDWORD PTR eax > ebx
mov result,1
.ENDIF
Generated code:
mov ebx,5
mov eax,6
cmp eax,ebx
jle @C0001
mov result,1
@C0001:
. . . unless you prefix one of the register operands with the
SDWORD PTR operator. Then a signed jump is generated.
CAREFUL: this special case could cause annoying errors!
.REPEAT Directive
Executes the loop body before testing the loop condition
associated with the .UNTIL directive.
Example:
; Display integers 1 – 10:
mov eax,0
.REPEAT
inc eax
call WriteDec
call Crlf
.UNTIL eax == 10
.WHILE Directive
Tests the loop condition before executing the loop body. The .ENDW directive marks the end of the loop.
Example:
; Display integers 1 – 10:
mov eax,0
.WHILE eax < 10
inc eax
call WriteDec
call Crlf
.ENDW